package org.example.jdbc;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

public class JDBCLogin {
    public static void main(String[] args) throws SQLException {
        try(Connection connection=DBUtil.getConnection()) {
            Statement statement = connection.createStatement();
            Scanner sc=new Scanner(System.in);
            System.out.println("Enter username: ");
            String user=sc.nextLine();
            System.out.println("Enter password: ");
            String pass=sc.nextLine();
            ResultSet resultSet = statement.executeQuery("SELECT password FROM user WHERE username='" + user + "'");
            //会出错 SQL注入攻击   解决方法  ：把用户的输入数据当作字符串值来看 避免SQL注入攻击
            if(resultSet.next()) {
                if(pass.equals(resultSet.getString("password"))){
                    System.out.println("登录成功");
                }else{
                    System.out.println("用户名或密码错误");
                }
            }else{
                System.out.println("无此用户,用户名错误");
            }
        }catch (SQLException e){
            System.out.println("SQLException: "+e);
        }

    }
}
